Windows XP Services That Can Be Disabled June 15, 2005

Version 1.0 Windows XP services that can be disabled June 15, 2005

By Scott Lowe

One of the most effective ways to secure a Windows workstation is to turn off unnecessary services. This reference sheet lists the Windows XP SP 2 services, describes each service's function, specifies whether you can safely disable the service, and outlines the ramifications of disabling the service. The list assumes the machines is running Windows XP SP2 in a corporate network environment. The list offers one of the following three possibilities for safely disabling each service: • YES = You can disable the service without causing any problems. • MAYBE = The computer's role dictates whether you should or should not disable the service--read the special considerations for further information. • NO = The service is critical to proper Windows operation and should not be disabled.

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Alerter Notifies selected users and computers of Yes Programs that use administrative Disable administrative alerts alerts will not receive them.

Application Provides support for application-level Maybe Programs that rely on this service, Enable Only enable when using Layer protocol plug-ins and enables such as MSN Messenger and the Windows firewall or Gateway network/protocol connectivity Windows Messenger will not another firewall. Failure function. to do so can result in a significant security hole.

Application Processes installation, removal, and Yes Users will be unable to install, Disable Management enumeration requests for Active Directory remove, or enumerate any IntelliMirror group policy programs IntelliMirror programs.

Automatic Enables the download and installation of Yes The operating system cannot Enable Automatic updates help Updates critical Windows updates automatically install updates, but keep your computer can still be manually updated at the current. If you do disable Windows Update Web site. the service, perform regular, manual updates.

Background Transfers data between clients and Yes Features such as Windows Update Disable Enable this services if Intelligent servers in the background will not work properly. you enable Automatic Transfer Updates.

Page 1 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

ClipBook Enables ClipBook Viewer to store Yes ClipBook Viewer will not be able to Disable information and share it with remote share information with remote computers computers.

COM+ Event Allows management of Component No System Event Notification stops Enable System/Syste Services by providing automatic working, which means that logon m Application distribution of events to subscribing COM and logoff notifications will not take components place. Other applications, such as Volume Snapshot service, will not work correctly.

Computer Maintains an up-to-date list of computers Yes Your computer will be unable to Enable Enable this service, if you Browser on your network, and supplies the list to locate other Windows computers on need to share files with programs that request it. The Computer the network other Windows Browser service is used by Windows- computers. based computers that need to view network domains and resources.

Cryptographic Provides three management services: No The associated management Enable Required if you use the services Catalog Database Service, which services will not function properly. Automatic Updates confirms the signatures of Windows files; Windows service; Also Protected Root Service, which adds and used by other Windows removes Trusted Root Certification services, such as Task Authority certificates from this computer; Manager. and Key Service, which helps enroll this computer for certificates

DHCP Client Allows the system to automatically obtain Maybe The system will be unable to obtain Enable You can disabled this IP addressing information, WINS server an IP address, WINS information, service if you do not use information, routing information, and so and the like, from a DHCP server DHCP. forth; is required to update records in and will need to be configured with Dynamic DNS a static address.

Page 2 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Distributed Ensures that shortcuts and OLE links Yes Link tracking will be unavailable. Disable Link Tracking continue to work after the target file is Users on other computers won't be Client renamed or moved by maintaining links in able to track links on this computer. the file system

Distributed Coordinates transactions that span Yes Distributed transactions will not Disable Transaction multiple resource managers, such as occur. Coordinator databases, message queues, and file systems

DNS Client Resolves and caches DNS names, No The system will be unable to Enable Stopping this service will allowing the system to communicate with resolve a name and will be able to result in the inability for canonical names rather than strictly by IP communicate only via IP address. A the computer to resolve address client may be unable to names to IP addresses. communicate with its domain controller.

Error Collects, stores, and reports unexpected Yes Error Reporting will occur only for Disable Reporting application crashes to Microsoft kernel faults and some types of user mode faults.

Event Log Allows event log messages to be viewed No Administrators won't be able to view Enable in Event log to assist in problem logs, including the security log, resolution increasing the difficulty of diagnosing problems and detecting security breaches.

Fast User Enables management for applications Yes Fast User Switching will be Disable Doesn't work in domain Switching that require assistance in a multiple user unavailable. environments anyway. Compatibility environment

Help and Enables Help and Support Center to run Yes The Help and Support Center will Enable Support on this computer be unavailable.

Page 3 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

HID Input Enables generic input access to Human Maybe Hot buttons controlled by this Disable Required for some "hot Interface Devices (HID), which activates service will no longer function. buttons" on newer and maintains the use of predefined hot keyboards. Can be safely buttons on keyboards, remote controls, enabled if these buttons and other multimedia devices don't work with this service disabled.

IMAPI CD- Manages CD recording using Image Maybe This computer will be unable to Enable This service can be Burning COM Mastering Applications Programming record CDs. disabled if you don't have Interface (IMAPI) a CD-RW drive in your system.

Indexing Indexes contents and properties of files Yes Files will not be indexed. Indexing Disable Uninstall this service if Service on local and remote computers; provides can speed searching. you don't plan to use it. rapid access to files through flexible querying language

Internet Provides network address translation, Maybe Networking services such as Disable If you share your Internet Connection - addressing, name resolution and/or Internet sharing, name resolution, connection, you must Firewall (ICF) / intrusion prevention services for a home addressing and/or intrusion enable this service. Sharing (ICS) or small office network prevention will be unavailable.

IPSEC Provides end-to-end security between Maybe TCP/IP security between clients Disable If you connect over an services clients and servers on TCP/IP networks and servers on the network will be IPSec secured impaired. connection, don't disable this service.

Logical Disk Waits for new drives to be added and Yes New disks will not be detected by Enable Leaving this service Manager passes required information to the LDM the system. enabled makes it easy to administrative service; required to ensure add new drives to the dynamic disk information is up to date system. In a very high security environment, this should not be allowed.

Page 4 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Logical Disk Starts and allows configuration to take Yes None; runs only when needed. N/A Started by the Logical Manager place when a new drive is detected or a Disk Manager service Administrative partition/drive is configured only when needed. Do not disable if you have the Logical Disk Manager Service enabled.

Machine Manages Visual Studio debugging Yes Visual Studio debugging Disable Debug information will not be available. Manager

Messenger Transmits net send and Alerter service Yes Alerter messages will not be Disable messages between clients and servers. transmitted. This service is not related to Windows Messenger

Microsoft Manages software-based volume shadow Yes Software-based volume shadow Disable Leave set at Manual if Software copies taken by the Volume Shadow copies cannot be managed. you intend to use Shadow Copy Copy service Windows Backup. Provider

NetMeeting Enables an authorized user to access this Yes Remote desktop sharing will be Disable If you use NetMeeting, Remote computer remotely by using NetMeeting unavailable. don't disable this service. Desktop over a corporate intranet Sharing

Network Manages the network and dial-up No Network configuration will not be Enable Connections connections for the server, including possible; new connections can't be network status notification and created and services that need configuration network information may fail.

Network DDE Provides network transport and security Yes DDE transport and security will be Disable for Dynamic Data Exchange (DDE) for unavailable. programs running on the same computer or on different computers

Page 5 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Network DDE Manages Dynamic Data Exchange (DDE) Yes DDE network shares will be Disable DSDM network shares unavailable.

Network Collects and stores network configuration Maybe Services such as ICS & ICF will not Disable Enable if this computer Location and location information and notifies function. has Internet Connection Awareness applications when this information Sharing enabled or if you (NLA) changes. This service is a part of ICS are using the Internet Connection Firewall.

NT LM Allows users to log on to the network Maybe Users with versions of Windows Disable Enable this service if this Security using NTLM prior to Windows 2000 will be computer needs to log on Support unable to log in to the network. to pre-Windows 2000 Provider computers or domains

Performance Collects performance data for the Yes Performance information will no Disable Logs and computer or other computers and writes it longer be logged or displayed. Alerts to a log or displays it on the screen

Plug and Play Allows an administrator to add hardware No The system will be unstable and Enable to a server and have the server incapable of detecting hardware automatically detect and configure it changes.

Portable Retrieves the serial number of any Yes Protected content might not be Disable Media Serial portable media player connected to this downloaded to the device. Number computer

Print Spooler Manages all local and network print Maybe Printing on the local machine will be Enable Disable this service if you queues and controls all printing jobs unavailable. don't have a printer.

Protected Protects sensitive information such as Yes Protected information will be Enable Storage private keys from exposure except to inaccessible. allowed persons and services

Page 6 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

QoS RSVP Provides network signaling and local, Yes QoS aware applications with either Disable Enable this service if you traffic-control, set-up functionality for not function, or will not have their use QoS aware (Quality of Service) QoS-aware programs complete functionality. applications. and control applets

Remote Detects unsuccessful attempts to connect Yes Users will need to manually Enable Access Auto to a remote network or computer and connect to other systems. Connection provides alternative methods for Manager connection

Remote Manages dial-up and virtual private Maybe The operating system may not Enable This service is run on Access network (VPN) connections from this function properly. demand by the Remote Connection computer to the Internet or other remote Access Manager Manager networks

Remote Manages and controls Remote Yes Remote Assistance will be Disable Desktop Help Assistance unavailable. Session Manager

Remote Allows processes to communicate No The system will not boot. Don't Enable Procedure internally and across the network with disable this service. Call (RPC) each other

Remote Provides RPC name services similar to No Systems that are running third-party Enable Procedure DNS services for IP utilities looking for RPC information Call (RPC) will be unable to find it. OS Locator components do not use this service, but programs such as Exchange do.

Page 7 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Remote Provides a mechanism to remotely Maybe Remote systems will be unable to Disable Some programs require Registry manage the system registry connect to the local registry. this functionality in order Hfnetchk uses this mechanism. to operate. Disabling it can affect the patch utility's operation.

Removable Manages and catalogs removable media Yes Programs that are dependent on Enable Storage and operates automated removable Removable Storage, such as media devices Backup and Remote Storage, will operate more slowly.

Routing and Enables multiprotocol LAN-to-LAN, LAN- Yes Routing and Remote Access Disable Better yet, don't install Remote to-WAN, virtual private network (VPN), services will be unavailable. this service at all. Access and network address translation (NAT) routing services for clients and servers on this network

Secondary Enables starting processes under Yes Users will be unable to use the Disable Logon alternate credentials. If this service is "Run As" feature to elevate stopped, this type of logon access will be privileges. unavailable

Security Stores account information for local Yes Services that rely on requests to Enable If you use don't use Accounts security accounts, which, when started, the SAM database will not function DHCP to obtain an IP Manager allows other services to access the SAM properly. Group Policy objects may address, this service can not operate properly. be disabled.

Server Allows the sharing of local resources such Yes Resources can't be shared, RPC Disable This service must be as files and printers, as well as named requests will be denied, and named enabled on Windows XP pipe communication pipe communication will fail. computers that share files or printers.

Shell Provides notifications for AutoPlay Yes CD-ROMs and other devices will Enable Much easier to leave this Hardware hardware events not automatically function. enabled, and not much of Detection a security risk.

Page 8 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Smart Card Manages access to smart cards read by Yes This computer will be unable to Disable If you're using a smart this computer read smart cards. card reader, enable this service.

Smart Card Provides support for earlier smart card Yes The computer will be unable to read Disable If you're using a smart Helper readers attached to the computer legacy smart cards. card reader, enable this service.

SSDP Used to locate UPnP devices on your Yes Your computer will be unable to Disable Discovery home network. Used in conjunction with located uPnP devices on the Universal Plug and Play Device Host, it network. detects and configures UPnP devices on your home network

System Event Required to record entries in the event Yes Certain notifications will no longer Disable Leave enabled for Notification logs; notifies COM+ subscribers about work. For example, synchronization laptops to that power logon and power-related events won't work, as it depends on notifications are passed connectivity information and to the user. Network Connect/Disconnect and Logon/Logoff notifications.

System Performs system restore functions, Yes Automatic system restoration will Disable While this service does Restore including saving periodic checkpoints not be possible. use up some system resources, it can be invaluable for stand alone machines, particularly when a software install goes bad.

Task Enables a user to configure and schedule Yes Tasks will not be run at their Disable Scheduler automated tasks on this computer scheduled times.

Page 9 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

TCP/IP Required for software distribution in a Yes NetBIOS over TCP/IP clients Disable For small networks, this NetBIOS Group Policy (may be used to distribute including Netlogon and Messenger service may be essential Helper patches) and provides support for might stop responding. Disabling if you share files with NetBIOS over TCP/IP and NetBIOS name may also affect the ability to share others. For larger lookups resources. networks with central file servers, keep disabled on desktops.

Telephony Provides Telephony API (TAPI) support Yes The function of all dependent Disable Only needed for for clients using programs that control programs will be impaired. modem/fax modem use. telephony devices and IP-based voice connections

Telnet Enables a remote user to log on to this Yes Remote user access to programs Disable computer and run programs; supports might be unavailable. various TCP/IP Telnet clients, including UNIX- and Windows-based computers

Terminal Allows users to connect interactively to a Yes May make your computer Disable Services remote computer; Remote Desktop, Fast unreliable. To prevent remote use User Switching, Remote Assistance, and of this computer, clear the check Terminal Server depend on this service. boxes in the Remote tab of the System properties control panel item.

Themes Provides user experience theme Yes Themes cannot be used. Disable management

Uninterruptibl Manages an uninterruptible power supply Yes The UPS cannot communicate with Disable e Power (UPS) connected to the computer the computer. Supply

Universal Plug Used in conjunction with SSDP Discovery Yes Your computer will be unable to Disable and Play Service, it detects and configures UPnP located uPnP devices on the Device Host devices on your home network network.

Page 10 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Upload Manages synchronous and asynchronous Yes Certain file transfers will not take Disable Manager file transfers between clients and servers. place. Driver data is anonymously uploaded from these transfers and used by Microsoft to help users find needed drivers. The Driver Feedback Server asks the client's permission to upload the computer's hardware profile and then search the Internet for information about how to obtain the appropriate driver or get support.

Volume Manages and implements volume Yes Shadow copies will be unavailable Disable Enable this service if you Shadow Copy shadow copies used for backup and other for backup and the backup may fail. use Windows Backup on purposes this desktop.

WebClient Enables Windows-based programs to Yes These functions will not be Disable create, access, and modify Internet-based available. files

Windows Manages audio devices for Windows- Yes Audio devices and effects will not Enable Even though it can be Audio based programs function properly. disabled, without this service, you will get no sound.

Windows Provides image acquisition services for Yes Programs that require images, such Enable This service is required Image scanners and cameras as Windows Movie Maker, won't for some scanners and Acquisition function properly. cameras. If you don't (WIA) have a scanner or a camera, you can disable this service.

Windows Adds, modifies, and removes applications Yes People can install no programs, or Enable Installer provided as a Windows Installer (*.msi) make use of Add/Remove package programs.

Page 11 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Windows XP services that can be disabled

Service Description Safely Ramifications if disabled Suggested Special Disable? setting Considerations

Windows Provides system management No System management and Enable Management information; required to implement performance information will be Instrumentatio performance alerts using Performance unavailable. n (WMI) Logs and Alerts

WMI Driver Monitors all drivers and event trace Yes (extension of WMI only) Enable Extensions providers that are configured to publish Windows Management Instrumentation (WMI) or event trace information

Windows Uses NTP to keep computers in the Yes Time synchronization won't take Enable Time domain synchronized place.

Wireless Zero Automatically configured WiFi (802.11) Maybe You will have to manually configure Disable Enable this service if Configuration network adapters wireless networking. you're using wireless networking.

WMI Provides performance library information Yes This service runs only when Enable Performance from Windows Management Performance Data Helper is Adapter Instrumentation (WMI) providers to clients activated. on the network

Workstation Provides network connections and Yes The computer will be unable to Enable communications using the Microsoft connect to remote Microsoft Network services Network resources.

Scott Lowe has held a variety of jobs in the information technology field. Although he has been involved primarily in IT management and network/systems engineering, he has also served as a DBA, help desk technician, and several other job roles. He is currently the IT Director for Elmira College, a small private college located in Elmira, NY.

Page 12 Copyright ©2005 CNET Networks, Inc. All rights reserved. For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html Cheat sheet: Windows XP services that can be disabled

Additional resources • Sign up for our TechRepublic Downloads Weekly Update, delivered on Tuesdays. • Sign up for the Windows XP newsletter, delivered on Thursdays • Sign up for the Windows 2000 Professional, delivered on Tuesdays • Sign up for our TechRepublic NetNote, delivered on Mondays, Wednesdays, and Thursdays. • Check out all of TechRepublic's newsletter offerings. • Cheat sheet: Windows 2000 services that can be disabled • Worksheet: Windows Server 2003 default services

Version history Version: 1.0 Published: June 15, 2005

Tell us what you think

TechRepublic downloads are designed to help you get your job done as painlessly and effectively as possible. Because we're continually looking for ways to improve the usefulness of these tools, we need your feedback. Please take a minute to drop us a line and tell us how well this download worked for you and offer your suggestions for improvement.

Thanks!

—The TechRepublic Downloads Team